CrowdStrike Certified Falcon Hunter (CCFH) — Question 3
The Falcon Detections page will attempt to decode Encoded PowerShell Command line parameters when which PowerShell Command line parameter is present?
Answer options
- A. -Command
- B. -Hidden
- C. -e
- D. -nop
Correct answer: C
Explanation
The correct answer is C, as the '-e' parameter is specifically used to indicate that the command is encoded. The other options, while valid PowerShell parameters, do not indicate encoding and therefore do not prompt the Falcon Detections page to decode the command line parameters.